Poly Network returns almost half of stolen $600 million in crypto
In a new twist to the hack saga of Poly Network, the exploiter has returned nearly half of the stolen assets – worth about $260 million – back to the decentralized finance network.
Poly Network said it had started receiving money back from the hacker, who drained $600 million in cryptocurrency from the DeFi protocol, sharing the details on Twitter about polygon tokens it has retrieved back.
The transactions included some extremely large amounts, such as one for $4.8 million sent back to the Poly Network addresses.
$260 million (As of 11 Aug 04:18:39 PM +UTC) of assets had been returned:
The remainings are $269M on Ethereum, $84M on Polygon
— Poly Network (@PolyNetwork2) August 11, 2021
It’s not clear, however, if the attackers returned exactly the same balance of assets as were stolen, or sent back some of the value in other types of tokens. All told, by 11 a.m. ET, they handed back crypto assets worth roughly $258.
Poly Network’s incident is the biggest Defi hack and one of the biggest crypto heists ever.
“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics. In this case the hacker concluded that the safest option was just to return the stolen assets,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic told CNBC.
Researchers at security company SlowMist said the attacker exploited some functions within Poly Network’s cross-chain interoperability protocol to pass in carefully constructed data to modify “the keeper of the EthCrossChainData contract.”
SlowMist said in another tweet that its security team has identified the attacker’s mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues.
Poly Network, which posted a plea on Twitter asking the hacker for the money back, said the attack took place on across the binance, polygon and ethereum blockchains. It also involved various tokens, including shiba inu, wrapped ether, wrapped bitcoin, uniswap and a series of stablecoins.
— Poly Network (@PolyNetwork2) August 10, 2021
Poly Network also published the hacker’s wallet addresses and urged crypto exchanges and miners to halt transactions from these addresses.
In response, Binance CEO Changpeng Zhao said they are aware of the exploit and that his exchange is coordinating with all security partners to proactively help.
“There are no guarantees. We will do as much as we can,” he concluded.
In addition, the issuer of Tether has frozen $33 million worth of the stablecoin that was part of the theft, Paolo Ardoino, its chief technology officer said on Twitter.
Poly Network is an interoperability protocol that allows for cross-chain sharing of assets and information. It allows applications and tokens on specific networks to connect with and transfer across to other participating blockchains, including Bitcoin, Ethereum, Neo, Ontology, Elrond, Zilliqa, Binance Smart Chain, Switcheo, Huobi ECO Chain and OKExChain.